QSearchQSearch

CVE-2026-28950

6.2 MEDIUM

A logging issue was addressed with improved data redaction

Published: 2026-04-22 · Last updated: 2026-05-17

Severity and scoring

CVSS
6.2 MEDIUM
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
CWE-359

Affected products

VendorProduct
appleipados, iphone_os

Description

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 15.8.8 and iPadOS 15.8.8, iOS 16.7.16 and iPadOS 16.7.16, iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2, iPadOS 17.7.11. Notifications marked for deletion could be unexpectedly retained on the device.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2025-46315 A permissions issue was addressed with additional restrictions (7.5 HIGH)
  • CVE-2025-46313 A logging issue was addressed with improved data redaction (5.5 MEDIUM)
  • CVE-2025-46308 An authorization issue was addressed with improved state management (5.3 MEDIUM)
  • CVE-2025-46293 This issue was addressed with improved handling of symlinks (5.5 MEDIUM)
  • CVE-2025-43339 An access issue was addressed with additional sandbox restrictions (5.5 MEDIUM)

Same CWE

  • CVE-2025-30459 A privacy issue was addressed by removing the vulnerable code (5.5 MEDIUM)
  • CVE-2026-26237 A missing authorization vulnerability has been reported to affect QuMagie (7.5 HIGH)
  • CVE-2026-25699 Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer (6.1 MEDIUM)
  • CVE-2020-25900 HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city (5.3 MEDIUM)
  • CVE-2026-8990 A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full acc...